Published: 12 August 2009

An IT Manager and mate of mine did his least favourite task yesterday. He had to fire someone. Never nice, never easy. What made this job even harder was the thought in the back of his mind that he was going to have to change all the admin passwords on all the security appliances.

Unfortunately, he couldn't just disable the chap's account on each device (which would have taken a huge amount of time) because he had never implemented personalized accounts. It was just too much hassle, and the admins moaned about just having to remember one static password for all the security appliances; worse yet, their AD password had to be changed every 60 days. Most of the appliances couldn’t talk to Active Directory as they were Linux-based systems. He had looked into token-based strong authentication, as they already had an RSA Auth Manager server, but having done the research (or rather got one of his admins to do the research!) they concluded that it would take weeks of effort to set up the token-based authentication on every appliance they had, and they would still have to create and add/delete individual accounts on most devices because the tokens are only used for the authentication and not for the user lookup. I sympathised with him, and told him, "Don't worry, your life will get easier very soon..."

